Skip to Content

ANS-C01: Correcting Inaccurate Remote User Locations with AWS Client VPN Split Tunneling

By: Author Alex Lim

Posted on

Categories Amazon, Exam

Learn how to optimize AWS Client VPN routing to resolve incorrect geographic detection for remote users by enabling split tunneling and specific routes without disrupting access.

Table of Contents

Question

A company recently started using AWS Client VPN to give its remote users the ability to access resources in multiple peered VPCs and resources in the company’s on-premises data center. The Client VPN endpoint route table has a single entry of 0.0.0.0/0. The Client VPN endpoint is using a new security group that has no inbound rules and a single outbound rule that allows all traffic to 0.0.0.0/0.

Multiple remote users report that web search results are showing incorrect geographic location information for the users.

Which combination of steps should a network engineer take to resolve this issue with the LEAST amount of service interruption? (Choose three.)

A. Switch users to AWS Site-to-Site VPNs.
B. Enable the split-tunnel option on the Client VPN endpoint.
C. Add routes for the peered VPCs and for the on-premises data center to the Client VPN route table.
D. Remove the 0.0.0.0/0 outbound rule from the security group that the Client VPN endpoint uses.
E. Delete and recreate the Client VPN endpoint in a different VPC.
F. Remove the 0.0.0.0/0 entry from the Client VPN endpoint route table.

Answer

B. Enable the split-tunnel option on the Client VPN endpoint.
C. Add routes for the peered VPCs and for the on-premises data center to the Client VPN route table.
F. Remove the 0.0.0.0/0 entry from the Client VPN endpoint route table.

Explanation

These steps:

B – Enables split tunneling to avoid default route usage
C – Adds specific routes for VPCs/on-premises resources
F – Removes default route that causes incorrect location

Compared to other options:

A – Switching VPN types causes more disruption
D – Removing security group rule breaks connectivity
E – Recreating endpoint causes an outage

By enabling split tunneling, adding specific routes and removing the default route, this resolves the location issue with minimal changes and without service interruption.

AWS Certified Advanced Networking – Specialty ANS-C01 certification exam practice question and answer (Q&A) dump with detail explanation and reference available free, helpful to pass the AWS Certified Advanced Networking – Specialty ANS-C01 exam and earn AWS Certified Advanced Networking – Specialty ANS-C01 certification.